dap 0.1.9 → 0.1.10

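--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 509c4659bddb3d19bd03810c38d9b7210a40f137
- data.tar.gz: 856444fb5a3a6352bdedd975fe47898c98eae2d0
+ metadata.gz: 6991fe2ebe6781802697f56a62a1a83dd5bbb83b
+ data.tar.gz: 8e6aef8bd4a882c6bbd0b0563926e00127079b91
  SHA512:
- metadata.gz: e6b147d71d185f1fc4f55582cdcde9d026d3421f2dd0fda0b3e48106d380c1049efd8fc3fb9ea2d5c189c59ed66f8db2929a944fe883e5f347a79ddf5440998e
- data.tar.gz: 2ca8a31ca56632bc319a1201787729ba7b3845ed55cc2e1126fc519a8effef604460e85af3a32741453d68659e27126bb7c09063648741761ef64795b0aeefac
+ metadata.gz: c9a979ee64979cae1d6dafa3ec261064ed67f69150fe2fe5ba3f045f01404b07bbb55da9bdc48d8f6b741cd899a25ee89536d58816ef1f1cbfee6da2c21dd65c
+ data.tar.gz: 4ba074456d6c4e4ac1503e8f9126cede1f2fbefa199f7a39e3071d101c6d86c3f4af42b65b6d438d7d31fdc8970825e62c915cb9a75f264314d930db8f8c14f9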
@@ -38,19 +38,40 @@ end
38
38
  #
39
39
  # Decode a DNS bind.version probe response ( zmap: dns_53.pkt )
40
40
  #
41
+ # Note: The TCP DNS response contains two additional bytes at the beginning
42
+ # of the data which indicate length. Net::DNS::Packet doesn't handle this
43
+ # so we've implemented a fall back that will retry parsing with the first two
44
+ # bytes removed if the initial parsing attempt raises an exception.
45
+ #
41
46
  class FilterDecodeDNSVersionReply
42
47
  include BaseDecoder
43
48
  def decode(data)
44
49
  begin
45
50
  r = Net::DNS::Packet.parse(data)
46
- return if not r
51
+ rescue
52
+ r = nil
53
+ end
47
54
 
55
+ unless r
56
+ begin
57
+ # Perhaps a TCP DNS response, trim the first two bytes (length value)
58
+ # and try again..
59
+ trimmed_data = data[2..-1]
60
+ r = Net::DNS::Packet.parse(trimmed_data)
61
+ rescue
62
+ return {}
63
+ end
64
+ end
65
+
66
+ return {} unless r
67
+
68
+ begin
48
69
  # XXX: This can throw an exception on bad data
49
70
  vers = r.answer.map{|x| x.txt.strip rescue nil }.reject{|x| x.nil? }.first
50
- return if not vers
51
- return { "dns_version" => vers }
71
+ return {} unless vers
72
+ return { 'dns_version' => vers }
52
73
  rescue ::Exception
53
- { }
74
+ {}
54
75
  end
55
76
  end
56
77
  end
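Review bot: The retry at new lines 55-64 drops the first two bytes after any parse failure without checking that they really are a TCP length prefix, so malformed or unrelated input whose tail happens to parse is reported as a valid `dns_version`. Because this filter decodes responses gathered from arbitrary hosts, the fallback should confirm the prefix first, for example `return {} unless data.bytesize > 2 && data.unpack('n').first == data.bytesize - 2` ahead of `trimmed_data = data[2..-1]`; whether strict equality is right depends on whether captures can be truncated or carry several messages, which the hunk does not show. The same guard would make the short-input case explicit, since `data[2..-1]` is `nil` for input shorter than two bytes and the code presumably relies on `parse` raising there. Separately, the two new bare `rescue` clauses catch only StandardError while the last clause keeps `rescue ::Exception`, which also swallows interrupts and exit requests; `rescue StandardError` throughout would be consistent.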
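--- a/data/lib/dap/version.rb
+++ b/data/lib/dap/version.rb
@@ -1,3 +1,3 @@
  module Dap
- VERSION = "0.1.9"
+ VERSION = "0.1.10"
  end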
@@ -0,0 +1,39 @@
1
+ describe Dap::Filter::FilterDecodeDNSVersionReply do
2
+ describe '.decode' do
3
+
4
+ let(:filter) { described_class.new([]) }
5
+
6
+ context 'parsing empty string' do
7
+ let(:decode) { filter.decode('') }
8
+ it 'returns an empty hash' do
9
+ expect(decode).to eq( {} )
10
+ end
11
+ end
12
+
13
+ base64_string = "AF8074UAAAEAAQABAAAHVkVSU0lPTgRCSU5EAAAQAAPADAAQAAMAAAAAACcmOS44LjJyYzEtUmVkSGF0LTkuOC4yLTAuMzcucmMxLmVsNl83LjXADAACAAMAAAAAAALADA=="
14
+ test_string = base64_string.to_s.unpack('m*').first
15
+
16
+ context 'parsing a partial response' do
17
+ let(:decode) { filter.decode(test_string[2..10]) }
18
+ it 'returns an empty hash' do
19
+ expect(decode).to eq( {} )
20
+ end
21
+ end
22
+
23
+ context 'parsing TCP DNS response' do
24
+ let(:decode) { filter.decode(test_string) }
25
+ it 'returns the correct version' do
26
+ expect(decode).to eq({ 'dns_version' => '9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.5' })
27
+ end
28
+ end
29
+
30
+ # strip the first two bytes from the TCP response to mimic a UDP response
31
+ context 'parsing UDP DNS response' do
32
+ let(:decode) { filter.decode(test_string[2..-1]) }
33
+ it 'returns the correct version' do
34
+ expect(decode).to eq({ 'dns_version' => '9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.5' })
35
+ end
36
+ end
37
+
38
+ end
39
+ end
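Review bot: None of the four contexts pins what `decode` returns when the leading two bytes are not a correct length prefix but the remainder is a parseable message, so the fallback's acceptance of arbitrary leading bytes is untested. A context such as `let(:decode) { filter.decode([0].pack('n') + test_string[2..-1]) }` with an explicit expectation (assuming the initial parse rejects that input) would document the intended behaviour. On style, `describe '.decode'` uses the class-method prefix for an instance method, where `'#decode'` is the RSpec convention, and `base64_string`/`test_string` would read better as `let` definitions than as locals in the example-group body.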
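--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: dap
  version: !ruby/object:Gem::Version
- version: 0.1.9
+ version: 0.1.10
  platform: ruby
  authors:
  - Rapid7 Research
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2017-08-01 00:00:00.000000000 Z
+ date: 2017-08-16 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: rspec
@@ -223,6 +223,7 @@ files:
  - spec/dap/filter/http_filter_spec.rb
  - spec/dap/filter/ldap_filter_spec.rb
  - spec/dap/filter/simple_filter_spec.rb
+ - spec/dap/filter/udp_filter_spec.rb
  - spec/dap/input/json_spec.rb
  - spec/dap/proto/ipmi_spec.rb
  - spec/dap/proto/ldap_proto_spec.rb
@@ -260,6 +261,7 @@ test_files:
  - spec/dap/filter/http_filter_spec.rb
  - spec/dap/filter/ldap_filter_spec.rb
  - spec/dap/filter/simple_filter_spec.rb
+ - spec/dap/filter/udp_filter_spec.rb
  - spec/dap/input/json_spec.rb
  - spec/dap/proto/ipmi_spec.rb
  - spec/dap/proto/ldap_proto_spec.rb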